package com.corecloud.security.oauth;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * 资源服务器
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

	@Override
	public void configure(ResourceServerSecurityConfigurer resources) {
		resources
		 .resourceId("coreservice");
	}


	@Override
	public void configure(HttpSecurity http) throws Exception {
		/**
		 * 默认允许访问所有资源
		 */
		http
		.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
        .and()
        .authorizeRequests()
		.antMatchers("/sample/**","/api/**").authenticated();


		//oauth适配登录
		http
				.formLogin()//允许表单登录
				.defaultSuccessUrl("/home/index")//默认登录成功路由
				.permitAll();//允许所有用户访问登录页
	}
}
